Path traversal vulnerabilities exist in many web applications. Nmap NSE gives penetration testers the ability to quickly write scripts to exploit them. Lua also supports string captures, which help a lot when extracting information, using patterns with a simpler syntax than regular expressions.
This recipe will teach you how to write an NSE script to exploit a path traversal vulnerability that exists in some models of TP-Link routers.
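An added example (not part of the original recipe) that shows Lua string captures from the defender's side: it extracts fields from web access-log lines and flags request targets that contain traversal sequences. The log lines, addresses and function names are constructed for illustration.

```lua
-- Added example: log lines below are constructed sample data (documentation IP ranges).
local sample_log = {
  '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 512',
  '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /static/../../etc/passwd HTTP/1.1" 200 1024',
  '198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "GET /static/%2e%2e%2f%2e%2e%2fetc/passwd HTTP/1.1" 404 0',
  'malformed entry',
}

-- Decode %XX escapes so encoded traversal sequences are normalised before matching.
local function url_decode(s)
  return (s:gsub("%%(%x%x)", function(hex) return string.char(tonumber(hex, 16)) end))
end
-- One pattern, four captures: client address, method, request target, status code.
local function parse_line(line)
  local ip, method, target, status =
    line:match('^(%S+) %S+ %S+ %[.-%] "(%u+) (%S+) [^"]*" (%d%d%d)')
  if not ip then return nil end          -- line is not in the expected format
  return { ip = ip, method = method, target = target, status = tonumber(status) }
end
-- True when the decoded target contains ".." as a path segment.
local function has_traversal(target)
  local decoded = target
  for _ = 1, 3 do                        -- bounded rounds to catch double encoding
    local nxt = url_decode(decoded)
    if nxt == decoded then break end
    decoded = nxt
  end
  decoded = decoded:gsub("\\", "/")      -- treat backslashes as separators too
  return (decoded .. "/"):find("[/=]%.%./") ~= nil, decoded
end
-- Collect findings; a 2xx status means the server answered the request.
local function scan(lines)
  local findings = {}
  for _, line in ipairs(lines) do
    local req = parse_line(line)
    local hit, decoded = false, nil
    if req then hit, decoded = has_traversal(req.target) end
    if hit then
      findings[#findings + 1] = { ip = req.ip, target = decoded, status = req.status,
        served = req.status >= 200 and req.status < 300 }
    end
  end
  return findings
end

for _, f in ipairs(scan(sample_log)) do
  print(string.format("%s %s status=%d %s", f.ip, f.target, f.status,
    f.served and "served (investigate)" or "not served"))
end
```

Run with a stand-alone Lua interpreter; the malformed line is skipped because the pattern returns no captures for it.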
The script will take advantage of a few NSE libraries and Lua's string library:
Create the file http-tplink-dir-traversal.nse and complete the NSE information tags:

description = [[
Exploits a directory traversal vulnerability existing in several TP-Link wireless routers. Attackers may exploit this vulnerability to read any of the configuration and password files remotely and without authentication. This vulnerability...